Article 65 – Security and Privacy Awareness Training Policy
49220.4 Policy Directives
-
The department shall:
-
Establish a formal department privacy and security awareness training program, with clearly defined roles and responsibilities, designed to be delivered to all personnel with access to department information assets.
-
Provide privacy and security awareness training to all personnel upon commencement of their employment with the department, and on an annual basis thereafter.
-
Ensure role-based privacy and security awareness training content is delivered commensurate with personnel roles and responsibilities.
-
Ensure effectiveness of the security awareness program through a process of tracking and reporting metrics.
-
Maintain individual records of all security and privacy training undertaken annually by department personnel for a period of three (3) years or as defined in the records retention schedule.
-